Google Detects Large Rise in Email Phishing in Iran Just Before Elections

The attacks and their timing suggest they are politically motivated, according to Google.

Google says it has been monitoring a series of email phishing campaigns going on in Iran just as the nation is preparing for its national elections on June 14.
"For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users," wrote Eric Grosse, Google vice president of security engineering, in a June 12 post on the Google Online Security Blog. "These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday."
Google made the announcement about the attacks to let users there know about the situation so that they can avoid being victimized, wrote Grosse.
"Our Chrome browser previously helped detect what appears to be the same group using SSL certificates to conduct attacks that targeted users within Iran" in September 2011, he wrote. In the latest cases that have surfaced, "the phishing technique we detected is more routine: users receive an email containing a link to a web page that purports to provide a way to perform account maintenance. If the user clicks the link, they see a fake Google sign-in page that will steal their username and password."

To fight the latest phishing attacks in Iran, Grosse wrote that Google has notified targets of state-sponsored attacks and other suspicious activity, while the company is also taking "other appropriate actions to limit the impact of these attacks on our users."

Users in Iran are also being urged by the search giant to take extra steps to protect their accounts, including being careful where they sign into their Google accounts, he wrote. Users are also being encouraged to use up-to-date Web browser software and to enable two-step verification in Gmail accounts to better protect themselves and give them an extra layer of security.
These steps "can make you significantly more secure against these and many other types of attacks," wrote Grosse. "Also, before typing your Google password, always verify that the URL in the address bar of your browser begins with https://accounts.google.com/. If the website's address does not match this text, please don't enter your Google password."
The Iranian elections so far have been tightly controlled, according to a June 12 post on The New York Times' Bits Blog.
"Many leaders of the 2009 opposition have fled the country, been silenced or jailed," the post reported. "The two main presidential challengers in those elections, Hussein Moussavi and Mehdi Karroubi, remain under house arrest."
In October 2012, Iranian authorities blocked access to Google's Gmail service for about a week after the company refused to remove a controversial anti-Islam video clip from its YouTube streaming video Website. The one-week service blockage generated complaints from Iranian residents and even from members of Iran's parliament.
YouTube access has been blocked in Iran for a long time, and the Gmail blocking came after government officials were angered by Google's refusal to remove the anti-Islam film clip from the service. The Iranian government uses Internet filters to keep residents from using many Websites while they are in the country. Many Iranians have found workarounds to such bans by using virtual private network (VPN) software that makes the computer appear as if it is based in another country. That method, however, isn't always without problems.
The controversial film clip that inspired the political ruckus was an advertising film trailer from the anti-Islam film "Innocence of Muslims." The clip and the film on which it is based generated anger and protests around the world.